The threat landscape is always evolving. As today’s modern workforce continues to work from ‘anywhere,’ threat actors are constantly looking for new ways to evade detection and target victims. Jim Gogolinski, iboss VP of Research and Intelligence, provided insights on the 2022 threat landscape and what organizations can do to best protect themselves during a recent webcast.
“More companies will embrace a shift of security to zero trust,” Gogolinski explains. “A full zero trust approach requires extensive planning and includes protecting and controlling access to all key resources.” It’s not enough to simply trust a cloud provider; companies must also control the data that flows in and out of their organizations.
Just as with 2021, the supply chain will continue to be a major player in cybersecurity efforts. With open source frameworks and tools and mobile connectivity, companies have limited control over their software applications. Targeting these vulnerabilities, is an effective way for hackers to kick off their attack chain. Gogolinski highlights, “No vendor wants to be the cause of another Solar Winds hack.” Executive orders and industry standards, including NIST 800-207, will trickle down to the private sector and contribute to proactive security changes.
Mergers and acquisitions will also factor into the 2022 threat landscape as the current business and economic climate have created a ripe market for M&A activity. In fact, Gogolinkski says companies can consider this another attack vector for a supply chain attack: “Acquired firms might be running older versions of Log4j or may have vulnerable firmware on their routers or network-facing devices.” Further, as rumors of a merger or acquisition swirl, companies can become targets of new attackers.
When it comes to ransomware, what’s old is, in many ways, new again. We expect to see higher ransoms, increased sophistication, including specialization, specific targeting, and organizational shifts. The big players are carefully considering who they want to target and what their ROI is, as their operational risks have increased. Some cyber groups will break up and reform, coming back stronger and reforming as they revisit their TTPs, while new threat organizations will also emerge. Fortunately, government involvement and takedowns can help decrease ransomware risks, as other threat actors are being taken down by agencies.
Advanced Persistent Threats (APTs) “are still out there,” Gogolinski states. Every nation around the world, he continues, is upping their cyber game from a nation-state perspective. Moreover, “the world is in a perilous position with all nations jockeying for power” across the military, geopolitical, and economic spectrum. Organization Insiders will continue to be a risk and nations are known to plant them or use MICE (money, ideology, compromise or ego) to compromise them. It’s never too early to lay the groundwork to prepare against APTs; they are prevalent with low cost, highly effective operations.
Gogolinski summarizes his conclusions to remind us of some critical points:
- All cyber efforts should be viewed through the lens of zero trust
- A continuing work-from-home model creates inherent security challenges to organizations
- Zero trust and the shift to the cloud must be done correctly
- Organizations should carefully scrutinize their supply chains
- Mergers and acquisitions present risks for cybersecurity professionals
- APTs will still play a key role